The National Security Agency (NSA) informed Microsoft of “a series of critical vulnerabilities” in Microsoft Exchange, leading the company to release a new update.
Microsoft said in a blog post that it had “not seen” the vulnerabilities used against its customers, but advised users to install Microsoft Exchange updates as soon as possible.
“Given recent adversary attention on Exchange,” the company said, “we suggest customers install the updates as soon as possible to ensure they remain safe from these and other threats.” It was previously revealed in March that alleged Chinese hackers had exploited various Exchange server vulnerabilities to spy on thousands of U.S. organizations.
All federal agencies are being asked to “immediately patch” their servers, according to Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, who has been heading the US government’s response to both the prior Exchange hack and the SolarWinds cyber espionage effort blaming Russia.
The NSA has only recently begun disclosing software bugs, having previously collected and kept classified vulnerabilities for its own intelligence gathering purposes.
However, in January 2020, the agency discovered a crucial flaw in Microsoft Windows 10, which it disclosed as part of an attempt to “build trust” with its partners and the general public.
Read More on Tech Gist Africa:
According to LinkedIn, some user data was scraped and offered for sale